Hackers vs. DC voting system: Hackers win
Online system for overseas ballots is defeated during a trial run
The Washington, D.C., Board of Elections and Ethics threw down the gauntlet last week, challenging hackers to have a go at its online voting system. The hackers won the duel.
During a one-week trial of the Digital Vote by Mail system, a University of Michigan professor unleashed his students, and one of them breached the system, Mike DeBonis reports in the Washington Post. When someone cast a vote, the website played “The Victors,” Michigan’s fight song.
The fight song added a touch of humor, but it also revealed a serious flaw. Jeremy Epstein, a computer scientist working for Common Cause, told DeBonis that "in order to do that, they had to be able to change anything they wanted on the Web site."
The board developed the system with the Open Source Digital Voting Foundation with the goal of allowing military and overseas absentee voters to return their ballots more quickly and securely than by mail. The Military and Overseas Voter Empowerment Act, passed in 2009, put Washington and some other voting districts in a bind by requiring a 45-day round-trip for absentee ballots.
D.C.’s short window between the primary and general elections this year has made absentee voting by postal mail unlikely to be done in time, DeBonis writes. So the board pursued the online voting system for about 930 overseas voters.
Before the board conducted the test, Common Cause had warned it about potential problems with the system in letters from voting advocacy groups and computer experts. But the board maintained that the system was secure and invited hackers to attack it during the trial run.
With the system now back on the drawing board, D.C. voters will have to go back to mailing absentee ballots, faxing them or attaching them to an e-mail message.
The use of digital voting systems has fostered an ongoing debate over whether they’re secure and accurate.
One point of contention has been the need for a paper trail to confirm the accuracy of votes cast electronically. VerifiedVoting.org, a nonprofit group, keeps track of which states require voter-verified paper records.
Some other efforts have aimed to improve voting systems. A recent report by the Brennan Center for Justice at New York University School of Law recently called for a national database of voting system flaws to help investigate vulnerabilities.
If there’s a silver lining for Washington, it’s that the hack happened during a test rather than an actual election. The board is now aiming to have a working system ready by spring 2011.